What is a Supply Chain Attack?
Keeper’s Guide to Supply Chain Cyberattacks
Learn to Understand, Detect and Protect Against Software Supply Chain Attacks
Supply chain attacks are often overlooked cyberattacks, but they can cause catastrophic damage given enough time. Supply chain attacks target vendors and suppliers instead of directly targeting a specific business, making them more difficult to detect and prevent if your vendors aren’t maintaining strict cybersecurity policies and using the best tools.
In this guide, we’ll look closer at what a supply chain attack is, how to detect it, and how to prevent your business from becoming the next victim of a supply chain cyberattack.
What is a Supply Chain Attack?
A supply chain attack (also known as a third-party attack, value-chain attack or backdoor breach) is when an attacker accesses a business’s network via third-party vendors or suppliers, that is, through the supply chain. Supply chains can be massive in scope and complex in their relationships, which is why some attacks are so difficult to trace.
Many businesses work with dozens of suppliers for everything from ingredients or production materials to outsourced work and technology. This is why it’s so important to protect the supply chain and ensure the companies you’re working with are as committed to that protection as you are.
How do Supply Chain Attacks work?
Supply chain attacks work by delivering viruses or other malicious software via a supplier or vendor. For example, a keylogger placed on a USB drive can make its way into a large retail company, where it logs keystrokes to capture the passwords to specific accounts. Cybercriminals can then gain access to sensitive company information, customer records, payment information and more.
Supply chain attacks come in many forms, including software, hardware and firmware attacks.
Software Supply Chain Attack
A software supply chain attack only requires one compromised application or piece of software to deliver malware across the entire supply chain. Attacks will often target an application’s source code, delivering malicious code into a trusted app or software system.
Attackers often target software or application updates as entry points. The problem with software supply chain attacks is that they’re so difficult to trace, with cybercriminals often using stolen certificates to “sign” the code to make it look legitimate.
Hardware Supply Chain Attack
Hardware attacks depend on physical devices, much like the USB keylogger we mentioned earlier. Attackers will target a device that makes its way through the entire supply chain to maximize its reach and damage.
Firmware Supply Chain Attack
Inserting malware into a computer’s booting code is an attack that only takes a second to unfold. Once a computer boots up, the malware is executed, jeopardizing the entire system. Firmware attacks are quick, often undetectable if you’re not looking for them and incredibly damaging.
How Companies Can Detect Supply Chain Attacks
Detecting a supply chain attack quickly is the key to ensuring the damage isn’t irreversible. By using modern tools, you can detect all kinds of supply chain attacks from firmware to software and beyond. Here’s what you need:
- Keeper BreachWatch®: Use BreachWatch to see if your business (or personal) data has been compromised in an attack. Compromised data is always more vulnerable and can provide an easy entry point for malware.
- Network Detection And Response (NDR) tools: Using NDR tools, you can monitor all of your company’s web traffic for malicious activity. This is especially important if you provide a “guest” WiFi network for vendors entering the building or working with the business.
What Can Companies Do to Mitigate the Risk of Software Supply Chain Attacks?
Mitigating software supply chain attacks requires a few great tools. Here are some options:
- Invest in SOC (security operations center) analysts. These IT professionals will look closely at your business’s cybersecurity infrastructure to identify any problems or missing protection. They’ll also react to threats, analyze the effects of any attacks and work to improve your system.
- Use an Enterprise Password Management Platform (EPM) like Keeper. Keeper helps prevent Supply Chain Attacks by giving IT administrators complete visibility into employee password practices, as well as the ability to enforce password security rules company-wide.
- Deploy a fake attack with red teams and blue teams. Your red team will create a fake attack in order to mimic a live threat and the blue team will react to it. This can help you identify how threats operate and whether or not your current cybersecurity model is enough to stop an active threat.
- Make cybersecurity a regular part of your company’s training regimen. Every employee should understand the importance of cybersecurity and their role in the company’s overall cybersecurity.
- Have contingency plans/threat models which include every third-party provider. You should always have a contingency plan in place in the event that any third-party provider is compromised or compromises your system. A threat model can help you visualize potential threats that may arise from your vendors/suppliers.
- Apply vendor access controls. Restricting the vendor’s access to your system is a great way to mitigate potential threats. In other words, don’t let vendors access anything other than what they need to for the job.
Examples of Supply Chain Attacks in the News:
The SITA data breach is estimated to have exposed more than 580,000 records from Malaysia Airlines’ Frequent Flyer program. Finnair, Air New Zealand, and others also reported breaches, exposing hundreds of thousands of records on customers across each airline. Singapore Airlines shared data with a company called Star Alliance, which is where the attack is believed to have originated. From there, it spread across the entire supply chain.
In perhaps one of the largest data breaches ever, the IT company SolarWinds was the victim of a supply chain malware attack delivered through the company’s own servers during a software update. This attack affected the US Treasury Department, the US Department of Defense, and many others.
A supply chain attack was recently announced by Click Studios, the Australia-based creator of Passwordstate. According to reports, an attacker gained access to Passwordstate’s update server, which is hosted on a third-party CDN. Any customer who updated their software during that time period likely downloaded the malicious DLL.
The malicious software was able to decrypt all of the stored data in the customer’s SQL database using encryption keys hosted on the web server’s filesystem. Since Passwordstate software does not use client-side encryption, the attacker was able to decrypt the entire database and exfiltrate the plaintext data to the attacker’s server.
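The update-server compromise described above can be caught on the receiving side by checking every file in an update against digests obtained through a channel other than the update server. The following is an added example, not code from the original page or from any vendor it names; it assumes the vendor publishes a SHA-256 manifest out of band, and all file names and contents are constructed.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_update(archive_bytes: bytes, trusted_manifest: dict) -> dict:
    """Compare each file in an update archive with the expected digests.

    trusted_manifest maps file name -> SHA-256 hex digest and is assumed to
    come from a channel the update server (or its CDN) does not control.
    """
    findings = {"modified": [], "unexpected": [], "missing": []}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
        for name in names:
            if name not in trusted_manifest:
                findings["unexpected"].append(name)   # file the vendor never shipped
            elif sha256_hex(zf.read(name)) != trusted_manifest[name]:
                findings["modified"].append(name)     # same name, different bytes
    findings["missing"] = sorted(set(trusted_manifest) - set(names))
    findings["ok"] = not (findings["modified"] or findings["unexpected"]
                          or findings["missing"])
    return findings


def build_zip(files: dict) -> bytes:
    """Helper that builds an in-memory update archive for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: a clean release and a tampered copy of it.
GOOD_FILES = {"app/core.dll": b"vendor build 1.0 core",
              "app/ui.dll": b"vendor build 1.0 ui"}
TRUSTED_MANIFEST = {n: sha256_hex(d) for n, d in GOOD_FILES.items()}
TAMPERED_FILES = {**GOOD_FILES,
                  "app/core.dll": b"vendor build 1.0 core + injected loader",
                  "app/helper.dll": b"not shipped by vendor"}

if __name__ == "__main__":
    print(audit_update(build_zip(GOOD_FILES), TRUSTED_MANIFEST))
    print(audit_update(build_zip(TAMPERED_FILES), TRUSTED_MANIFEST))
```

The check is only as strong as the manifest channel: if the digests are fetched from the same server as the update, an attacker who controls that server can replace both.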
Don’t Fall Victim to a Supply Chain Attack. Protect Your Business with Keeper Now.